paseto

package module
v1.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 19, 2023 License: MIT Imports: 23 Imported by: 143

README

Go Paseto Go-Paseto

A Go implementation of PASETO.

Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

Contents

What is Paseto?

Paseto (Platform-Agnostic SEcurity TOkens) is a specification for secure stateless tokens.

Key Differences between Paseto and JWT

Unlike JSON Web Tokens (JWT), which gives developers more than enough rope with which to hang themselves, Paseto only allows secure operations. JWT gives you "algorithm agility", Paseto gives you "versioned protocols". It's incredibly unlikely that you'll be able to use Paseto in an insecure way.

Caution: Neither JWT nor Paseto were designed for stateless session management. Paseto is suitable for tamper-proof cookies, but cannot prevent replay attacks by itself.

Installation

go get -u aidanwoods.dev/go-paseto

Overview of the Go library

Okay, let's create a token:

token := paseto.NewToken()

token.SetIssuedAt(time.Now())
token.SetNotBefore(time.Now())
token.SetExpiration(time.Now().Add(2 * time.Hour))

token.SetString("user-id", "<uuid>")

Now encrypt it:

key := paseto.NewV4SymmetricKey() // don't share this!!

encrypted := token.V4Encrypt(key, nil)

Or sign it (this allows recievers to verify it without sharing secrets):


secretKey := paseto.NewV4AsymmetricSecretKey() // don't share this!!!
publicKey := secretKey.Public() // DO share this one

signed := token.V4Sign(secretKey, nil)

To handle a recieved token, let's use an example from Paseto's test vectors:

The Paseto token is as follows

v4.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiwiZXhwIjoiMjAyMi0wMS0wMVQwMDowMDowMCswMDowMCJ9v3Jt8mx_TdM2ceTGoqwrh4yDFn0XsHvvV_D0DtwQxVrJEBMl0F2caAdgnpKlt4p7xBnx1HcO-SPo8FPp214HDw.eyJraWQiOiJ6VmhNaVBCUDlmUmYyc25FY1Q3Z0ZUaW9lQTlDT2NOeTlEZmdMMVc2MGhhTiJ9

And the public key, given in hex is:

1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2

Importing a public key, and then verifying a token:

publicKey, err := paseto.NewV4AsymmetricPublicKeyFromHex("1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2") // this wil fail if given key in an invalid format
signed := "v4.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiwiZXhwIjoiMjAyMi0wMS0wMVQwMDowMDowMCswMDowMCJ9v3Jt8mx_TdM2ceTGoqwrh4yDFn0XsHvvV_D0DtwQxVrJEBMl0F2caAdgnpKlt4p7xBnx1HcO-SPo8FPp214HDw.eyJraWQiOiJ6VmhNaVBCUDlmUmYyc25FY1Q3Z0ZUaW9lQTlDT2NOeTlEZmdMMVc2MGhhTiJ9"

parser := paseto.NewParserWithoutExpiryCheck() // only used because this example token has expired, use NewParser() (which checks expiry by default)
token, err := parser.ParseV4Public(publicKey, signed, nil) // this will fail if parsing failes, cryptographic checks fail, or validation rules fail

// the following will succeed
require.JSONEq(t,
    "{\"data\":\"this is a signed message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
    string(token.ClaimsJSON()),
)
require.Equal(t,
    "{\"kid\":\"zVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN\"}",
    string(token.Footer()),
)
require.NoError(t, err)

Supported Claims Validators

The following validators are supported:

func ForAudience(audience string) Rule
func IdentifiedBy(identifier string) Rule
func IssuedBy(issuer string) Rule
func NotExpired() Rule
func Subject(subject string) Rule
func ValidAt(t time.Time) Rule

A token using claims all the claims which can be validated can be constructed as follows:

token := paseto.NewToken()

token.SetAudience("audience")
token.SetJti("identifier")
token.SetIssuer("issuer")
token.SetSubject("subject")

token.SetExpiration(time.Now().Add(time.Minute))
token.SetNotBefore(time.Now())
token.SetIssuedAt(time.Now())

secretKeyHex := "b4cbfb43df4ce210727d953e4a713307fa19bb7d9f85041438d9e11b942a37741eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2"
secretKey, _ := paseto.NewV4AsymmetricSecretKeyFromHex(secretKeyHex)

signed := token.V4Sign(secretKey, nil)

The token in signed can then be validated using a public key as follows:

parser := paseto.NewParser()
parser.AddRule(paseto.ForAudience("audience"))
parser.AddRule(paseto.IdentifiedBy("identifier"))
parser.AddRule(paseto.IssuedBy("issuer"))
parser.AddRule(paseto.Subject("subject"))
parser.AddRule(paseto.NotExpired())
parser.AddRule(paseto.ValidAt(time.Now()))

publicKeyHex := "1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2"
publicKey, err := paseto.NewV4AsymmetricPublicKeyFromHex(publicKeyHex)
if err != nil {
    // panic or deal with error of invalid key
}

parsedToken, err := parser.ParseV4Public(publicKey, signed, nil)
if err != nil {
    // deal with error of token which failed to be validated, or cryptographically verified
}

If everything succeeds, the value in parsedToken will be equivalent to that in token.

Supported Paseto Versions

Version 4

Version 4 is fully supported.

Version 3

Version 3 is fully supported.

Version 2

Version 2 is fully supported.

Supported Go Versions

Only officially supported versions of Go will be supported by Go Paseto. Versions of Go which have recently gone out of support may continue to work with this library for some time, however this is not guarenteed and should not be relied on.

When support for an out of date version of Go is dropped, this will be done as part of a minor version bump.

Documentation

Overview

A Go implementation of PASETO. Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// V2Local represents a v2 protocol in local mode
	V2Local = Protocol{Version2, Local}
	// V2Public represents a v2 protocol in public mode
	V2Public = Protocol{Version2, Public}
	// V3Local represents a v3 protocol in local mode
	V3Local = Protocol{Version3, Local}
	// V3Public represents a v3 protocol in public mode
	V3Public = Protocol{Version3, Public}
	// V4Local represents a v4 protocol in local mode
	V4Local = Protocol{Version4, Local}
	// V4Public represents a v4 protocol in public mode
	V4Public = Protocol{Version4, Public}
)

Functions

This section is empty.

Types

type Parser 

type Parser struct {
	// contains filtered or unexported fields
}

Parser is used to verify or decrypt a token, and can be provided with a set of rules.

func MakeParser 

func MakeParser(rules []Rule) Parser

MakeParser allows a parser to be constructed with a specified set of rules.

func NewParser 

func NewParser() Parser

NewParser returns a parser with NotExpired rule preloaded.

func NewParserForValidNow 

func NewParserForValidNow() Parser

NewParserForValidNow returns a parser that will require parsed tokens to be valid "now".

func NewParserWithoutExpiryCheck 

func NewParserWithoutExpiryCheck() Parser

NewParserWithoutExpiryCheck returns a parser with no currently set rules.

func (*Parser) AddRule 

func (p *Parser) AddRule(rule ...Rule)

AddRule will add the given rule(s) to any already specified.

func (Parser) ParseV2Local 

func (p Parser) ParseV2Local(key V2SymmetricKey, tainted string) (*Token, error)

ParseV2Local will parse and decrypt a v2 local paseto and validate against any parser rules. Error if parsing, decryption, or any rule fails.

func (Parser) ParseV2Public 

func (p Parser) ParseV2Public(key V2AsymmetricPublicKey, tainted string) (*Token, error)

ParseV2Public will parse and verify a v2 public paseto and validate against any parser rules. Error if parsing, verification, or any rule fails.

func (Parser) ParseV3Local 

func (p Parser) ParseV3Local(key V3SymmetricKey, tainted string, implicit []byte) (*Token, error)

ParseV3Local will parse and decrypt a v3 local paseto and validate against any parser rules. Error if parsing, decryption, or any rule fails.

func (Parser) ParseV3Public added in v1.1.0 

func (p Parser) ParseV3Public(key V3AsymmetricPublicKey, tainted string, implicit []byte) (*Token, error)

ParseV3Public will parse and verify a v3 public paseto and validate against any parser rules. Error if parsing, verification, or any rule fails.

func (Parser) ParseV4Local 

func (p Parser) ParseV4Local(key V4SymmetricKey, tainted string, implicit []byte) (*Token, error)

ParseV4Local will parse and decrypt a v4 local paseto and validate against any parser rules. Error if parsing, decryption, or any rule fails.

func (Parser) ParseV4Public 

func (p Parser) ParseV4Public(key V4AsymmetricPublicKey, tainted string, implicit []byte) (*Token, error)

ParseV4Public will parse and verify a v4 public paseto and validate against any parser rules. Error if parsing, verification, or any rule fails.

func (*Parser) SetRules 

func (p *Parser) SetRules(rules []Rule)

SetRules will overwrite any currently set rules with those specified.

func (Parser) UnsafeParseFooter 

func (p Parser) UnsafeParseFooter(protocol Protocol, tainted string) ([]byte, error)

UnsafeParseFooter returns the footer of a Paseto message. Beware that this footer is not cryptographically verified at this stage, nor are any claims validated.

type Protocol 

type Protocol struct {
	// contains filtered or unexported fields
}

Protocol represents a set of cryptographic operations for paseto

func NewProtocol 

func NewProtocol(version Version, purpose Purpose) (Protocol, error)

NewProtocol creates a new protocol with a given version and purpose (both must be valid)

func (Protocol) Header 

func (p Protocol) Header() string

Header computes the header for the protocol

func (Protocol) Purpose 

func (p Protocol) Purpose() Purpose

Purpose returns the purpose for a protocol

func (Protocol) Version 

func (p Protocol) Version() Version

Version returns the version for a protocol

type Purpose 

type Purpose string

Purpose represents either local or public paseto mode 

const (
	// Local is a paseto mode which encrypts the token
	Local Purpose = "local"
	// Public is a paseto mode which signs the token
	Public Purpose = "public"
)

type Rule 

type Rule func(token Token) error

Rule validates a given token for certain required preconditions (defined by the rule itself). If validation fails a Rule MUST return an error, otherwise error MUST be nil.

func ForAudience 

func ForAudience(audience string) Rule

ForAudience requires that the given audience matches the "aud" field of the token.

func IdentifiedBy 

func IdentifiedBy(identifier string) Rule

IdentifiedBy requires that the given identifier matches the "jti" field of the token.

func IssuedBy 

func IssuedBy(issuer string) Rule

IssuedBy requires that the given issuer matches the "iss" field of the token.

func NotBeforeNbf added in v1.1.3 

func NotBeforeNbf() Rule

NotBeforeNbf requires that the token is allowed to be used according to the time when this rule is checked and the "nbf" field of a token. Beware that this rule does not validate the token's "iat" or "exp" fields, or even require their presence.

func NotExpired 

func NotExpired() Rule

NotExpired requires that the token has not expired according to the time when this rule is checked and the "exp" field of a token. Beware that this rule does not validate the token's "iat" or "nbf" fields, or even require their presence.

func Subject 

func Subject(subject string) Rule

Subject requires that the given subject matches the "sub" field of the token.

func ValidAt 

func ValidAt(t time.Time) Rule

ValidAt requires that the token has not expired according to the given time and the "exp" field, and that the given time is both after the token's issued at time "iat", and the token's not before time "nbf".

type RuleError added in v1.2.0 

type RuleError struct {
	// contains filtered or unexported fields
}

Any error which is the result of a rule failure (distinct from a TokenError) Can be used to detect cryptographically valid tokens which have failed only due to a rule failure: which may warrant a slightly different processing follow up.

func (RuleError) Error added in v1.2.0 

func (e RuleError) Error() string

func (RuleError) Is added in v1.2.0 

func (_ RuleError) Is(e error) bool

func (RuleError) Unwrap added in v1.2.0 

func (e RuleError) Unwrap() error

type Token 

type Token struct {
	// contains filtered or unexported fields
}

Token is a set of paseto claims, and a footer

func MakeToken 

func MakeToken(claims map[string]interface{}, footer []byte) (*Token, error)

MakeToken allows specifying both claims and a footer.

func NewToken 

func NewToken() Token

NewToken returns a token with no claims and no footer.

func NewTokenFromClaimsJSON 

func NewTokenFromClaimsJSON(claimsData []byte, footer []byte) (*Token, error)

NewTokenFromClaimsJSON parses the JSON using encoding/json in claimsData and returns a token with those claims, and the specified footer.

func (Token) Claims 

func (t Token) Claims() map[string]interface{}

Claims gets the stored claims.

func (Token) ClaimsJSON 

func (token Token) ClaimsJSON() []byte

ClaimsJSON gets the stored claims as JSON.

func (Token) Footer 

func (t Token) Footer() []byte

Footer returns the token's footer

func (Token) Get 

func (t Token) Get(key string, output interface{}) (err error)

Get gets the given key and writes the value into output (which should be a a pointer), if present by parsing the JSON using encoding/json.

func (Token) GetAudience 

func (t Token) GetAudience() (string, error)

GetAudience returns the token's "aud" field, or error if not found or not a string.

func (Token) GetExpiration 

func (t Token) GetExpiration() (time.Time, error)

GetExpiration returns the token's "exp" field, or error if not found or not a a RFC3339 compliant time.

func (Token) GetIssuedAt 

func (t Token) GetIssuedAt() (time.Time, error)

GetIssuedAt returns the token's "iat" field, or error if not found or not a a RFC3339 compliant time.

func (Token) GetIssuer 

func (t Token) GetIssuer() (string, error)

GetIssuer returns the token's "iss" field, or error if not found or not a string.

func (Token) GetJti 

func (t Token) GetJti() (string, error)

GetJti returns the token's "jti" field, or error if not found or not a string.

func (Token) GetNotBefore 

func (t Token) GetNotBefore() (time.Time, error)

GetNotBefore returns the token's "nbf" field, or error if not found or not a a RFC3339 compliant time.

func (Token) GetString 

func (t Token) GetString(key string) (string, error)

GetString returns the value for a given key as a string, or error if this is not possible (cannot be a string, or value does not exist)

func (Token) GetSubject 

func (t Token) GetSubject() (string, error)

GetSubject returns the token's "sub" field, or error if not found or not a string.

func (Token) GetTime 

func (t Token) GetTime(key string) (time.Time, error)

GetTime returns the time for a given key as a string, or error if this is not possible (cannot parse as a time, or value does not exist)

func (*Token) Set 

func (token *Token) Set(key string, value interface{}) error

Set sets the key with the specified value. Note that this value needs to be serialisable to JSON using encoding/json. Set will check this and return an error if it is not serialisable.

func (*Token) SetAudience 

func (t *Token) SetAudience(audience string)

SetAudience sets the token's "aud" field.

func (*Token) SetExpiration 

func (t *Token) SetExpiration(exp time.Time)

SetExpiration sets the token's "exp" field.

func (*Token) SetFooter 

func (t *Token) SetFooter(footer []byte)

SetFooter sets the token's footer

func (*Token) SetIssuedAt 

func (t *Token) SetIssuedAt(iat time.Time)

SetIssuedAt sets the token's "iat" field.

func (*Token) SetIssuer 

func (t *Token) SetIssuer(issuer string)

SetIssuer sets the token's "iss" field.

func (*Token) SetJti 

func (t *Token) SetJti(identifier string)

SetJti sets the token's "jti" field.

func (*Token) SetNotBefore 

func (t *Token) SetNotBefore(nbf time.Time)

SetNotBefore sets the token's "nbf" field.

func (*Token) SetString 

func (t *Token) SetString(key string, value string)

SetString sets the given key with value. If, for some reason, the provided string cannot be serialised as JSON SetString will panic.

func (*Token) SetSubject 

func (t *Token) SetSubject(subject string)

SetSubject sets the token's "sub" field.

func (*Token) SetTime 

func (t *Token) SetTime(key string, value time.Time)

SetTime sets the given key with the given time, encoded using RFC3339 (the time format used by common PASETO claims).

func (Token) V2Encrypt 

func (t Token) V2Encrypt(key V2SymmetricKey) string

V2Encrypt signs the token, using the given key.

func (Token) V2Sign 

func (t Token) V2Sign(key V2AsymmetricSecretKey) string

V2Sign signs the token, using the given key.

func (Token) V3Encrypt 

func (t Token) V3Encrypt(key V3SymmetricKey, implicit []byte) string

V3Encrypt signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the encrypted token, but which are not present in the final token (or its decrypted value). Implicit must be reprovided for successful decryption, and can not be recovered.

func (Token) V3Sign added in v1.1.0 

func (t Token) V3Sign(key V3AsymmetricSecretKey, implicit []byte) string

V3Sign signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the signature, but which are not present in the final token. Implicit must be reprovided for successful verification, and can not be recovered.

func (Token) V4Encrypt 

func (t Token) V4Encrypt(key V4SymmetricKey, implicit []byte) string

V4Encrypt signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the encrypted token, but which are not present in the final token (or its decrypted value). Implicit must be reprovided for successful decryption, and can not be recovered.

func (Token) V4Sign 

func (t Token) V4Sign(key V4AsymmetricSecretKey, implicit []byte) string

V4Sign signs the token, using the given key and implicit bytes. Implicit bytes are bytes used to calculate the signature, but which are not present in the final token. Implicit must be reprovided for successful verification, and can not be recovered.

type TokenError added in v1.2.0 

type TokenError struct {
	// contains filtered or unexported fields
}

Any cryptography issue (with the token) or formatting error. This does not include cryptography errors with input key material, these will return regular errors.

func (TokenError) Error added in v1.2.0 

func (e TokenError) Error() string

func (TokenError) Is added in v1.2.0 

func (_ TokenError) Is(e error) bool

func (TokenError) Unwrap added in v1.2.0 

func (e TokenError) Unwrap() error

type V2AsymmetricPublicKey 

type V2AsymmetricPublicKey struct {
	// contains filtered or unexported fields
}

V2AsymmetricPublicKey V2 public public key

func NewV2AsymmetricPublicKeyFromBytes added in v1.1.1 

func NewV2AsymmetricPublicKeyFromBytes(publicKey []byte) (V2AsymmetricPublicKey, error)

NewV2AsymmetricPublicKeyFromBytes Construct a v2 public key from bytes

func NewV2AsymmetricPublicKeyFromEd25519 added in v1.5.0 

func NewV2AsymmetricPublicKeyFromEd25519(publicKey ed25519.PublicKey) (V2AsymmetricPublicKey, error)

NewV2AsymmetricPublicKeyFromEd25519 Construct a v2 public key from a standard Go object

func NewV2AsymmetricPublicKeyFromHex 

func NewV2AsymmetricPublicKeyFromHex(hexEncoded string) (V2AsymmetricPublicKey, error)

NewV2AsymmetricPublicKeyFromHex Construct a v2 public key from hex

func (V2AsymmetricPublicKey) ExportBytes added in v1.1.1 

func (k V2AsymmetricPublicKey) ExportBytes() []byte

ExportBytes export a V2AsymmetricPublicKey to raw byte array

func (V2AsymmetricPublicKey) ExportHex 

func (k V2AsymmetricPublicKey) ExportHex() string

ExportHex export a V2AsymmetricPublicKey to hex for storage

type V2AsymmetricSecretKey 

type V2AsymmetricSecretKey struct {
	// contains filtered or unexported fields
}

V2AsymmetricSecretKey V2 public private key

func NewV2AsymmetricSecretKey 

func NewV2AsymmetricSecretKey() V2AsymmetricSecretKey

NewV2AsymmetricSecretKey generate a new secret key for use with asymmetric cryptography. Don't forget to export the public key for sharing, DO NOT share this secret key.

func NewV2AsymmetricSecretKeyFromBytes added in v1.1.1 

func NewV2AsymmetricSecretKeyFromBytes(privateKey []byte) (V2AsymmetricSecretKey, error)

NewV2AsymmetricSecretKeyFromBytes creates a secret key from bytes

func NewV2AsymmetricSecretKeyFromEd25519 added in v1.5.0 

func NewV2AsymmetricSecretKeyFromEd25519(privateKey ed25519.PrivateKey) (V2AsymmetricSecretKey, error)

NewV2AsymmetricSecretKeyFromEd25519 creates a secret key from a standard Go object

func NewV2AsymmetricSecretKeyFromHex 

func NewV2AsymmetricSecretKeyFromHex(hexEncoded string) (V2AsymmetricSecretKey, error)

NewV2AsymmetricSecretKeyFromHex creates a secret key from hex

func NewV2AsymmetricSecretKeyFromSeed 

func NewV2AsymmetricSecretKeyFromSeed(hexEncoded string) (V2AsymmetricSecretKey, error)

NewV2AsymmetricSecretKeyFromSeed creates a secret key from a seed (hex)

func (V2AsymmetricSecretKey) ExportBytes added in v1.1.1 

func (k V2AsymmetricSecretKey) ExportBytes() []byte

ExportBytes export a V2AsymmetricSecretKey to raw byte array

func (V2AsymmetricSecretKey) ExportHex 

func (k V2AsymmetricSecretKey) ExportHex() string

ExportHex export a V2AsymmetricSecretKey to hex for storage

func (V2AsymmetricSecretKey) ExportSeedHex 

func (k V2AsymmetricSecretKey) ExportSeedHex() string

ExportSeedHex export a V2AsymmetricSecretKey's seed to hex for storage

func (V2AsymmetricSecretKey) Public 

func (k V2AsymmetricSecretKey) Public() V2AsymmetricPublicKey

Public returns the corresponding public key for a secret key

type V2SymmetricKey 

type V2SymmetricKey struct {
	// contains filtered or unexported fields
}

V2SymmetricKey v2 local symmetric key

func NewV2SymmetricKey 

func NewV2SymmetricKey() V2SymmetricKey

NewV2SymmetricKey generates a new symmetric key for encryption

func V2SymmetricKeyFromBytes added in v1.1.1 

func V2SymmetricKeyFromBytes(bytes []byte) (V2SymmetricKey, error)

V2SymmetricKeyFromBytes constructs a key from bytes

func V2SymmetricKeyFromHex 

func V2SymmetricKeyFromHex(hexEncoded string) (V2SymmetricKey, error)

V2SymmetricKeyFromHex constructs a key from hex

func (V2SymmetricKey) ExportBytes added in v1.1.1 

func (k V2SymmetricKey) ExportBytes() []byte

ExportBytes exports the key as raw bytes

func (V2SymmetricKey) ExportHex 

func (k V2SymmetricKey) ExportHex() string

ExportHex exports the key as hex for storage

type V3AsymmetricPublicKey added in v1.1.0 

type V3AsymmetricPublicKey struct {
	// contains filtered or unexported fields
}

V3AsymmetricPublicKey v3 public public key

func NewV3AsymmetricPublicKeyFromBytes added in v1.1.1 

func NewV3AsymmetricPublicKeyFromBytes(publicKeyBytes []byte) (V3AsymmetricPublicKey, error)

NewV3AsymmetricPublicKeyFromBytes Construct a v3 public key from bytes

func NewV3AsymmetricPublicKeyFromEcdsa added in v1.5.0 

func NewV3AsymmetricPublicKeyFromEcdsa(publicKey ecdsa.PublicKey) (V3AsymmetricPublicKey, error)

NewV3AsymmetricPublicKeyFromEcdsa Construct a v3 public key from a standard Go object

func NewV3AsymmetricPublicKeyFromHex added in v1.1.0 

func NewV3AsymmetricPublicKeyFromHex(hexEncoded string) (V3AsymmetricPublicKey, error)

NewV3AsymmetricPublicKeyFromHex Construct a v3 public key from hex

func (V3AsymmetricPublicKey) ExportBytes added in v1.1.1 

func (k V3AsymmetricPublicKey) ExportBytes() []byte

ExportBytes export a V3AsymmetricPublicKey to raw byte array

func (V3AsymmetricPublicKey) ExportHex added in v1.1.0 

func (k V3AsymmetricPublicKey) ExportHex() string

ExportHex export a V3AsymmetricPublicKey to hex for storage

type V3AsymmetricSecretKey added in v1.1.0 

type V3AsymmetricSecretKey struct {
	// contains filtered or unexported fields
}

V3AsymmetricSecretKey v3 public private key

func NewV3AsymmetricSecretKey added in v1.1.0 

func NewV3AsymmetricSecretKey() V3AsymmetricSecretKey

NewV3AsymmetricSecretKey generate a new secret key for use with asymmetric cryptography. Don't forget to export the public key for sharing, DO NOT share this secret key.

func NewV3AsymmetricSecretKeyFromBytes added in v1.1.1 

func NewV3AsymmetricSecretKeyFromBytes(secretBytes []byte) (V3AsymmetricSecretKey, error)

NewV3AsymmetricSecretKeyFromBytes creates a secret key from bytes

func NewV3AsymmetricSecretKeyFromEcdsa added in v1.5.0 

func NewV3AsymmetricSecretKeyFromEcdsa(privateKey ecdsa.PrivateKey) (V3AsymmetricSecretKey, error)

NewV3AsymmetricSecretKeyFromBytes creates a secret key from a standard Go object

func NewV3AsymmetricSecretKeyFromHex added in v1.1.0 

func NewV3AsymmetricSecretKeyFromHex(hexEncoded string) (V3AsymmetricSecretKey, error)

NewV3AsymmetricSecretKeyFromHex creates a secret key from hex

func (V3AsymmetricSecretKey) ExportBytes added in v1.1.1 

func (k V3AsymmetricSecretKey) ExportBytes() []byte

ExportBytes export a V3AsymmetricSecretKey to raw byte array

func (V3AsymmetricSecretKey) ExportHex added in v1.1.0 

func (k V3AsymmetricSecretKey) ExportHex() string

ExportHex export a V3AsymmetricSecretKey to hex for storage

func (V3AsymmetricSecretKey) Public added in v1.1.0 

func (k V3AsymmetricSecretKey) Public() V3AsymmetricPublicKey

Public returns the corresponding public key for a secret key

type V3SymmetricKey 

type V3SymmetricKey struct {
	// contains filtered or unexported fields
}

V3SymmetricKey v3 local symmetric key

func NewV3SymmetricKey 

func NewV3SymmetricKey() V3SymmetricKey

NewV3SymmetricKey generates a new symmetric key for encryption

func V3SymmetricKeyFromBytes added in v1.1.1 

func V3SymmetricKeyFromBytes(bytes []byte) (V3SymmetricKey, error)

V3SymmetricKeyFromBytes constructs a key from bytes

func V3SymmetricKeyFromHex 

func V3SymmetricKeyFromHex(hexEncoded string) (V3SymmetricKey, error)

V3SymmetricKeyFromHex constructs a key from hex

func (V3SymmetricKey) ExportBytes added in v1.1.1 

func (k V3SymmetricKey) ExportBytes() []byte

ExportBytes exports the key as raw byte array

func (V3SymmetricKey) ExportHex 

func (k V3SymmetricKey) ExportHex() string

ExportHex exports the key as hex for storage

type V4AsymmetricPublicKey 

type V4AsymmetricPublicKey struct {
	// contains filtered or unexported fields
}

V4AsymmetricPublicKey v4 public public key

func NewV4AsymmetricPublicKeyFromBytes added in v1.1.1 

func NewV4AsymmetricPublicKeyFromBytes(publicKey []byte) (V4AsymmetricPublicKey, error)

NewV4AsymmetricPublicKeyFromBytes Construct a v4 public key from bytes

func NewV4AsymmetricPublicKeyFromEd25519 added in v1.5.0 

func NewV4AsymmetricPublicKeyFromEd25519(publicKey ed25519.PublicKey) (V4AsymmetricPublicKey, error)

NewV4AsymmetricPublicKeyFromEd25519 Construct a v2 public key from a standard Go object

func NewV4AsymmetricPublicKeyFromHex 

func NewV4AsymmetricPublicKeyFromHex(hexEncoded string) (V4AsymmetricPublicKey, error)

NewV4AsymmetricPublicKeyFromHex Construct a v4 public key from hex

func (V4AsymmetricPublicKey) ExportBytes added in v1.1.1 

func (k V4AsymmetricPublicKey) ExportBytes() []byte

ExportBytes export a V4AsymmetricPublicKey to raw byte array

func (V4AsymmetricPublicKey) ExportHex 

func (k V4AsymmetricPublicKey) ExportHex() string

ExportHex export a V4AsymmetricPublicKey to hex for storage

type V4AsymmetricSecretKey 

type V4AsymmetricSecretKey struct {
	// contains filtered or unexported fields
}

V4AsymmetricSecretKey v4 public private key

func NewV4AsymmetricSecretKey 

func NewV4AsymmetricSecretKey() V4AsymmetricSecretKey

NewV4AsymmetricSecretKey generate a new secret key for use with asymmetric cryptography. Don't forget to export the public key for sharing, DO NOT share this secret key.

func NewV4AsymmetricSecretKeyFromBytes added in v1.1.1 

func NewV4AsymmetricSecretKeyFromBytes(privateKey []byte) (V4AsymmetricSecretKey, error)

NewV4AsymmetricSecretKeyFromBytes creates a secret key from bytes

func NewV4AsymmetricSecretKeyFromEd25519 added in v1.5.0 

func NewV4AsymmetricSecretKeyFromEd25519(privateKey ed25519.PrivateKey) (V4AsymmetricSecretKey, error)

NewV4AsymmetricSecretKeyFromEd25519 creates a secret key from a standard Go object

func NewV4AsymmetricSecretKeyFromHex 

func NewV4AsymmetricSecretKeyFromHex(hexEncoded string) (V4AsymmetricSecretKey, error)

NewV4AsymmetricSecretKeyFromHex creates a secret key from hex

func NewV4AsymmetricSecretKeyFromSeed 

func NewV4AsymmetricSecretKeyFromSeed(hexEncoded string) (V4AsymmetricSecretKey, error)

NewV4AsymmetricSecretKeyFromSeed creates a secret key from a seed (hex)

func (V4AsymmetricSecretKey) ExportBytes added in v1.1.1 

func (k V4AsymmetricSecretKey) ExportBytes() []byte

ExportBytes export a V4AsymmetricSecretKey to raw byte array

func (V4AsymmetricSecretKey) ExportHex 

func (k V4AsymmetricSecretKey) ExportHex() string

ExportHex export a V4AsymmetricSecretKey to hex for storage

func (V4AsymmetricSecretKey) ExportSeedHex 

func (k V4AsymmetricSecretKey) ExportSeedHex() string

ExportSeedHex export a V4AsymmetricSecretKey's seed to hex for storage

func (V4AsymmetricSecretKey) Public 

func (k V4AsymmetricSecretKey) Public() V4AsymmetricPublicKey

Public returns the corresponding public key for a secret key

type V4SymmetricKey 

type V4SymmetricKey struct {
	// contains filtered or unexported fields
}

V4SymmetricKey v4 local symmetric key

func NewV4SymmetricKey 

func NewV4SymmetricKey() V4SymmetricKey

NewV4SymmetricKey generates a new symmetric key for encryption

func V4SymmetricKeyFromBytes added in v1.1.1 

func V4SymmetricKeyFromBytes(bytes []byte) (V4SymmetricKey, error)

V4SymmetricKeyFromBytes constructs a key from bytes

func V4SymmetricKeyFromHex 

func V4SymmetricKeyFromHex(hexEncoded string) (V4SymmetricKey, error)

V4SymmetricKeyFromHex constructs a key from hex

func (V4SymmetricKey) ExportBytes added in v1.1.1 

func (k V4SymmetricKey) ExportBytes() []byte

ExportBytes exports the key as raw byte array

func (V4SymmetricKey) ExportHex 

func (k V4SymmetricKey) ExportHex() string

ExportHex exports the key as hex for storage

type Version 

type Version string

Version represents a valid paseto version 

const (
	// Version2 corresponds to paseto v2 tokens
	Version2 Version = "v2"
	// Version3 corresponds to paseto v3 tokens
	Version3 Version = "v3"
	// Version4 corresponds to paseto v4 tokens
	Version4 Version = "v4"
)

Source Files

View all Source files

Directories

Path Synopsis
internal
encoding
hashing
random

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.